Skip to content
Threat Feed
medium advisory

Inner Warden Security Agent Capabilities

The open-source Inner Warden project is a security agent leveraging eBPF for kernel-level monitoring and autonomous response actions like IP blocking and process termination, aiming to create a distributed security mesh.

Inner Warden is an open-source security agent designed to enhance server protection by utilizing eBPF for kernel-level monitoring. The project aims to provide autonomous response capabilities, initially developed to protect an AI agent (OpenClaw). Inner Warden uses eBPF tracepoints (execve, connect, openat), kprobes on commit_creds for detecting privilege escalation, LSM hooks to block execution from /tmp and /dev/shm, and XDP for high-speed IP blocking. It incorporates a detection layer for brute force attacks, port scans, privilege escalations, container escapes, and C2 callbacks. The response layer includes blocking IPs, killing processes, restricting sudo access, and deploying simple honeypots. A distributed mesh architecture allows nodes to share signals about suspicious activity.

Attack Chain

  1. An attacker gains initial access to a system through an unspecified vulnerability.
  2. The attacker attempts to execute a malicious binary from /tmp or /dev/shm.
  3. Inner Warden’s LSM hook blocks the execution of the binary, preventing the initial execution attempt.
  4. The attacker attempts to escalate privileges by exploiting a vulnerability, triggering the commit_creds kprobe.
  5. Inner Warden detects the privilege escalation attempt.
  6. The attacker attempts to establish a command-and-control (C2) connection.
  7. Inner Warden detects the C2 callback and blocks the attacker’s IP address using XDP, preventing further communication.
  8. Inner Warden nodes share signals of the suspicious activity, prompting other nodes within the mesh to adjust their behavior, increasing security across the distributed environment.

Impact

Successful deployment of Inner Warden could prevent privilege escalation attacks, block execution of malicious code from temporary directories, disrupt command-and-control communication, and mitigate brute force and port scanning attempts. A compromised node could potentially send false positives, but Inner Warden’s trust scoring is designed to avoid large-scale disruption. The primary impact is improved host security posture and potentially reduced incident response workload through automated threat mitigation.

Recommendation

  • Deploy the process creation rule below to detect executions blocked by Inner Warden’s LSM hook from /tmp or /dev/shm.
  • Deploy the network connection rule to identify C2 callbacks blocked by Inner Warden’s XDP-based IP blocking.
  • Investigate any alerts generated by the privilege escalation detection rule, indicating potential exploitation attempts.
  • Monitor for alerts generated by Inner Warden regarding potential poisoning or false positives.

Detection coverage 2

Detect Execution Blocked from /tmp or /dev/shm

high

Detects process executions blocked due to the LSM hook preventing execution from /tmp and /dev/shm

sigma tactics: defense_evasion techniques: T1068 sources: process_creation, linux

Detect Outbound Connections Possibly Blocked by Inner Warden

medium

Detects outbound network connections to unusual ports, potentially blocked C2 callbacks.

sigma tactics: command_and_control techniques: T1071.001 sources: network_connection, linux

Detection queries are kept inside the platform. Get full rules →